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Abstract —We introduce a counter-example guided inductive 
synthesis (CEGIS) framework for synthesizing continuous-time 
switching controllers that guarantee reach while stay (RWS) 
properties of the closed loop system. The solution is based on 
synthesizing control Lyapunov functions (CLFs) for switched 
systems, that yield switching controllers with a guaranteed 
minimum dwell time in each mode. Next, we use a CEGIS- 
based approach to iteratively solve the resulting quantified exists- 
forall constraints, and find a CLF. We introduce refinements 
to the CEGIS procedure to guarantee termination, as well as 
heuristics to increase convergence speed. Finally, we evaluate our 
approach on a set of benchmarks ranging from two to six state 
variables, providing a preliminary comparison with related tools. 
Our approach shows significant speedups, thus demonstrating 
the promise of nonlinear SMT solvers for synthesizing provably 
correct switching control laws. 

1. Introduction 

In this paper, we study the problem of automatically syn¬ 
thesizing continuous-time switching controllers for ensuring 
Reach-While-Stay (RWS) properties of polynomial systems. 
RWS properties specify a set of goal states G and a set of 
safe states S. The controller synthesis consists of synthesizing 
a winning region W C S and W such that the system 
initialized inside W is guaranteed to stay inside W until a 
goal state in G is eventually reached. Additionally, to ensure 
that the winning region is large enough, we specify an initial 
set / and require that I C W. Such properties commonly 
arise in many situations such as stabilizing the output of a 
system to a goal region, while ensuring that the intermediate 
“transients” stay within safe bounds, or enable an autonomous 
vehicle to reach a target while staying away from obstacles. 
Our approach considers switched system plant models with 
finitely many control modes and continuous state variables 
whose dynamics in each mode are described by ODEs. The 
goal of the controller synthesis is to find a switching controller 
that chooses a control mode, given the current mode and 
continuous state. 

Our approach synthesizes a control Lyapunov function 
(CLF), which can be made to decrease along the traces of 
the closed loop system, guaranteeing that the traces reach a 
designated, desirable region while staying in the safe region. 
As such, finding a CLF yields a switching function that simply 
chooses an appropriate control mode that ensures its decrease. 
However, for continuous-time switching, we are faced with 
the problem of zenoness caused by the controller switching 
infinitely often in a finite time interval, and thus, preventing 
time from diverging. Therefore, we provide sufficient condi¬ 
tions on the switching strategy that ensure that the resulting 


switching function respects a minimum dwell time for each 
control mode. 

The synthesis procedure iteratively searches for a CLF 
using Satisfiability Modulo Theory (SMT) solvers through a 
well-known procedure for program synthesis called counter¬ 
example guided inductive synthesis (CEGIS) CHS. Whereas 
CEGIS was originally proposed for synthesizing unknown 
parameters for programs (called sketches) so that assertions 
(safety properties) in the program are satisfied by all execu¬ 
tions, we propose to reuse the basic insights for synthesizing 
controllers. Since the search space is infinite (and continuous), 
there is no guarantee that the process terminates. We show 
an adaptation of CEGIS to our setting that ensures eventual 
termination of the CEGIS algorithm. 

We provide an implementation of the CEGIS approach for 
synthesizing controllers using the SMT solvers Z3 for linear 
arithmetic Bl and the dReal (5—satisfiability solver for nonlin¬ 
ear arithmetic constraints O . The evaluation shows the ability 
of our approach to effectively synthesize switching controllers 
with guaranteed minimal dwell time for 20 benchmark systems 
drawn from the related literature. On the other hand, the 
high complexity of nonlinear arithmetic decision procedures 
cause our approach to fail on 2 out of the 20 benchmarks 
attempted. Nevertheless, we provide a preliminary comparison 
that suggests that our approach is quite competitive with other 
state-of-the-art approach for the synthesis of controllers to 
guarantee temporal logic objectives. However, we are explor¬ 
ing relaxations for the non-linear constraints using well-known 
schemes such as SOS programming An important tech¬ 
nical limitation of these relaxations that prevents their direct 
use in this paper lies in the lack of useful witnesses in case a 
given constraint is satisfiable. The contributions of this paper 
are summarized below: (A) We synthesize minimum dwell- 
time enforcing controllers that guarantee RWS from CLFs. 
(B) We adapt the well-known CEGIS algorithm to discover 
CLFs for polynomial switched systems CHS. (C) We show 
how the CEGIS search for candidate CLFs can be modified 
to guarantee finite termination. (D) We employ a heuristic 
to find better witness points that significantly improve the 
proposed approach. (E) We provide an experimental evaluation 
on a number of interesting benchmarks that demonstrates the 
promise of our approach, as well as its limitations. 

A. Related Work 

Verification: The stability of hybrid systems has been studied 
widely. Lyapunov functions remain a simple, yet powerful, 
approach for proving various forms of stability. The problem 


of synthesizing Lyapunov functions has been approached using 
ideas such as SOS programming that reduces the conditions 
for a Lyapunov function for a given system to a semi-definite 
optimization problem 00. Lyapunov function approach 
naturally extends to liveness properties (such as RWS). 

Synthesis: Beyond verification, much work has focused 

on designing correct-by-construction controllers for various 
liveness properties, especially stability. The problem for syn¬ 
thesis is generally much harder than verification. A common 
approach to synthesizes control Lyapunov functions (CLFs) 
whose values can be decreased at each time instant through 
an appropriate control input 13. For continuous-time plants, 
CLFs can yield an associated static feedback law that guar¬ 
antees stability under some necessary conditions originally 
proposed by Artstein m. The problem formulation for syn¬ 
thesizing CLFs yields NP-hard, bilinear matrix inequalities 
(BMI). The BMI problem is solved directly using gradient 
descent ifTOll or using a heuristic such as V-K iteration ifTTIl 
(or elsewhere called policy iteration El), which is often 
susceptible to failures due to local minima. Tan et. al. El 
formulate these conditions as a BMI and use off-the-shelf 
approaches to tackle the resulting BMIs. Rifford ifT^ discusses 
the converse results on control Lyapunov functions, i.e. if 
a system is globally asymptotically controllable, then there 
exists a locally Lipschitz control Lyapunov function. This 
justifies the use of Lyapunov function based methods. 

Switched Controllers: In this article, the problem is to find 
a switching logic such that the closed loop system satisfies a 
RWS property. A large volume of work on switched system 
has focused on linear switched systems and the use of linear 
matrix inequalities to find controllers. Details are available 
from the textbook by Liberzon El, and the survey articles by 
Lin and Ansaklis El El. Our approach here considers the 
continuous-time switched systems of more general polynomial 
dynamical systems. Furthermore, our focus is on synthesis to 
guarantee a minimum dwell time in each switching mode, and 
the use of CEGIS to find CLFs. These aspects are, to the best 
of our knowledge, unique to this work. 

Another approach to controller synthesis is proposed by 
Taly et al. El- They consider the problem of synthesizing 
switching conditions for hybrid systems, so that the resulting 
system guarantees safety and liveness properties. The pro¬ 
posed method proves reachability by finding some progress 
certificates similar to Lyapunov functions. They reduce their 
synthesis to solving a system of nonlinear constraints. Our 
work here differs in the certificates used to prove desired 
property (these certificates are much simpler in our method) 
and the process of finding such certificate. 

Dimitrova and Majumdhar investigate proof systems for 
solving general parity games on continuous state-spaces using 
Lyapunov-like functions El- Their approach subsumes RWS 
properties. However, they do not provide an approach to 
synthesize these functions. The CEGIS approach presented 
here is a good candidate for such a mechanization, and the 
combination will be investigated as part of future work. 


Another paradigm for synthesizing controllers is to define an 
abstract system and find a simulation (or approximate bisim¬ 
ulation) relation between the abstract system and the original 
system. These approaches are able to handle more general 
specifications (usually a sub-class of LTL) and they are not 
restricted to liveness properties, per se. The PESSOA tool 1^ 
uses finite abstraction to discretize a continuous-time system, 
and solves a completely discrete problem. One problem with 
this approach is the number of the abstract states, which can 
grow very large if we want them to be precise. Recently, 
Camara et. al. 1^ proposed multi-scale abstraction to keep the 
number of states small and subsequently, Nilsson et. al. fT2\ 
proposed a CEGAR-based approach to refine the abstraction, 
whenever it is needed to avoid large number of abstract states. 
Our approach does not directly partition the state-space. On the 
other hand, the nonlinear SMT solvers such as dReal that are 
used in the CEGIS approach implicitly partition the state-space 
during the search for a CLF. However, such a partitioning is 
adaptive and is guided by the formula whose satisfiability is 
being decided. The preliminary evaluation provided shows that 
our approach can potentially be much faster in terms of time. 

Fast Switches Most of aforementioned works consider 
discrete-time feedback for switched systems. When the feed¬ 
back is continuous, extra care should be taken for infinitely 
fast switches. This phenomenon is common in many types 
of control, including sliding mode control (231 |24l. Asarin 
et. al. f25\ propose another method for enforcing min-dwell 
time property for finite-abstraction based synthesis. Taly et. 
al. ca use “Progress Invariants” to prove min-dwell time 
properties (for each switch the value of Lyapunov function 
should decrease at least e > 0 unit). Here, we develop a 
simpler strategy to guarantee a minimum dwell time. 

CEGIS: The CEGIS framework has been used widely for 
solving 3V formulae in synthesis problems O. The idea 
here is to find a candidate solution based on some finite 
number of examples. Although CEGIS was first proposed in 
the computer science literature by Solar-Lezama et al. (H, 
variants of this approach are not unknown to the hybrid 
systems community. This strategy has been mainly used to 
find a solution for 3V formulae to solve parameter synthe¬ 
sis problems in programming languages ( CHS to mention 
few) and hybrid systems (261 IZTll . Topcu et al. consider 
a simulation-based approach for finding maximal region of 
attraction for continuous systems (28l. They employ a CEGIS- 
like approach that avoids solving a BMI through sampling 
finitely many witness points that are likely to belong to the 
region of attraction. A LMI is used to search for a Lyapunov 
function that includes these witness points. Also Kapinski et. 
al. (^ employ a CEGIS approach for synthesizing Lyapunov 
functions based on simulation results (initiated from witness 
points). In contrast, our approach considers switched systems 
and focuses on synthesizing CLFs. We also do not perform any 
sort of simulations for the witness points in our approach. 


11. Preliminaries 

Let N, M and IR+ denote the set of natural , real and 
nonnegative real numbers respectively. Let 0 be the zero vector 
of proper size. For n G N and real number S > 0, let 
Bs{^c) be a ball with radius S and Xc as its center = 

{x I ||x — Xcll < (5}). For a set S, let dS and intls) be 
boundary and interior of S, respectively. Let ]R[x] denote the 
set of all polynomials involving variables in x, wherein each 
polynomial is written as a finite sum p : Cc^x^, where 

the multi-index a is used to denote a monomial x^ and Cq, G M 
is a coefficient. A template polynomial over coefficients C 
is a polynomial F(x, c) : c^x^ whose coefficients 

are parameterized by a set of template variables Cq, G C. 
Given a function / : M ^ M, f~{t) denotes the left limit: 

and denotes the right limit: limt^s/(s). 

As a convention, let f{t) denote the right derivative of the 
function: lim/i^o at x = L If / is differentiable 

then / coincides with its derivative. 

System Model: We first dis¬ 
cuss the system model for our 
controller synthesis problem. The 
system has a plant model which 
describes the physical environ¬ 
ment with continuous dynamics. 

Also, the system has a controller 
which provides a mode for the 
plant (Figure [^. 

The plant has continuous state 
variables x G The controller continuously chooses a mode 
from a finite set of possible control modes q ^ Q, wherein the 
dynamics of the continuous state variables may depend on the 
chosen control mode q. We now define our plant models. 

Definition 1 (Switched Polynomial System): A switched 
polynomial system is a tuple : ((5,X,/), consisting of 
(A) Continuous state-space: X C (n is the number of 
continuous state variables); (B) A finite set Q of (control) 
modes; and (C) A map from each mode q G Q to a 
polynomial vector field fq G M[x]’^, specifying its dynamics. 

The controller is modeled as a memoryless state feedback 
switched controller. 

Definition 2 (Switching Controller): Given a plant : 

a switching controller switch is specified by a 
function switch (g,x) that maps each current mode q G Q 
and plant state x G X to a next mode q E Q. 

A control implementation conforms to this specification by 
choosing the next mode specified in switch(g^, x). 

Definition 3 (Closed Loop System): The composition of 
the plant and a controller switch yields a deterministic 
switched system $(X, Q,/, G) with continuous variable x, 
modes Q, dynamics given by fq in each mode q E Q. 
The transition from mode q to q has the guard set Gq^q : 
{x|switch(g', x) = q} 

The set of traces of the closed-loop switched system rep¬ 
resents all executions of the switched system that respects 
the plant dynamics and switches according to the controller 


specification. Formally, a trace tr : M+ —^ Q x X is a function 
mapping time t E to the mode and state of the plant at 
that time. Let tr^ (ti'g) denote the projections of the trace tr 
onto the sets X (and Q). For a trace to be valid, it must satisfy 
the following conditions: 

• The switching times SwitchTimes(tr) : {t E 

M+ I trg(f) 7 ^ trg(f)} form a finite, or countably infinite 
set. 

• For all non-switching times t E \ SwitchTimes(tr), 
writing q : trQ(t), we have trx is differentiable at t and 

• For all switching times t E M+nSwitchTimes(tr), writing 
q : trg(t) and q : trg(f), we have q = s\N\tch{q,Ux{t)) 
and the right derivative trx{t) = fq{trx{t)). 

A trace is time divergent if for all A > 0, SwitchTimes(tr)n 
[0, A] is a finite set. 

Specification: We want the continuous state x to reach from 
initial (compact) set / C X to goal (compact) set G C X, 
while staying in safe (compact) sets S C X. 

Definition 4 (Reach While Stay): The closed loop switched 
system satisfies RWS w.r.t (/, G, S) iff for all traces tr, 
(trx G I) {trx E S) U (tr^ G G). 

To eliminate some technical arguments we assume / C int(S). 
The problem we study in this paper is synthesizing a controller 
that guarantees RWS w.r.t (/, G, S) for the closed loop system. 
Also we are interested in finding a big region W 3 / s.t. the 
system satisfies RWS w.r.t (W^G^S). 

Problem 1: Given S', G and / C int(S) and a plant 
find a switch function and a region W 3 / s.t. the closed 
loop switched system ^ satisfies RWS w.r.t (IL, G, S). 

III. Lyapunov Function eor Switched Systems 

We recall Lyapunov and control Lyapunov functions for 
RWS properties of switched systems. 

Definition 5: A Lyapunov function for RWS w.r.t (/, G, S) 
is a continuous function V \ X ^ M+ iff there exists a 
constant s.t. 

1) (Vx EdS\G) y(x) > p 

2) {\/xEl\ G) y(x) < P 

3) (Vtr, t" > > 0) (trx(t') ^ int{G) A V{trx{t')) < fi) 

^ V{trx{n)<V{trx{t')) 

For a given trace tr, let try(t) = V{trx{t))- Because of the 
continuity of tr^ and V, the third condition is equivalent to 

3eQ, V tr, (Vt > 0) {trx{t) ^ G ^V{t'Cx{t)) < (3) 
try(t) = < -€q 

This condition simply implies that the value of Lyapunov 
function decreases through time. 

Definition 6 (Region for Lyapunov Function): Given a 
Lyapunov function V, let P be the constant in Def. The 
associated region is defined as IL : {x E X \ V{'k) < P}r\S. 

It is easy to show that (a) IL is a compact set, (b) 
X E dW V{x) = P, (c) I \ G C int{W) 

and (d) IL \ G C int(S). Ultimately we want to show 
(trx C W) (trx C W) U (trx G G) and since 



Fig. 1. The closed loop model 
of the plant and the controller. 
















W C int{S), the system satisfies RWS w.r.t (W^G^S). Our 
overall strategy for controller synthesis is to synthesize a (con¬ 
trol) Lyapunov function. Such function can provide a control 
strategy as well as region W such that the closed loop system 
satisfies the specification. However, while Lyapunov functions 
extend to proving stability for switched/hybrid systems Ha, 
care must be taken to ensure that these techniques are not 
applied to systems with time-convergent traces. Defining the 
asymptotic behavior of such traces as t ^ oo is clearly not 
meaningful, when the time t never diverges. It is possible for 
such trajectories to “converge” to a non-target state, even when 
a Lyapunov function decreases. 

Secondly, since our goal is to synthesize controllers, time 
convergent behaviors represent physically unrealizable control 
strategies, and must be avoided in our closed loop systems. 
Therefore, it is quite essential that our controller synthesis 
technique guarantee that the traces of the resulting closed loop 
system are all time divergent. 


A. Control Lyapunov Function 

We focus, in this work, on finding polynomial control 
Lyapunov functions for guaranteeing RWS. 

Definition 7 (Control Lyapunov Function): A control Lya¬ 
punov function (CLF) w.r.t. (/, G, S) and a plant is a 
polynomial function V (x) iff there exist a [3 and eg s.t. 

(Vx edS\G) y (x) > fiA 
(Vx G / \ G) l/(x) < PA (2) 

(Vx e 5 \ G) (3g e Q) n(x) = ^/,(x) < -eg 


Given a control Lyapunov function V w.r.t (/, G,5'), we 
define an associated set of switching functions that define 
controllers, as follows. 

Definition 8 (Switching Function for CLF): Given a CLF 
V and a function switch : Q x A Q, we say that switch is 
compatible with V iff for every state x G S' \ G and mode g, 
the mode q : switch(g,x) is such that Vqpx) < 0. 

In other words, the controller at any state and any mode 
chooses an input q e Q that makes the control Lyapunov 
function decrease “instantaneously”. Given a CLF, we wish to 
synthesize a controller that establishes RWS w.r.t (IL, G, S). 
However, we cannot yet guarantee that the trajectories of the 
closed loop system will all be time divergent. As a result, we 
first tackle the problem of finding a switching function that 
yields a minimum dwell time for each mode g G Q. In other 
words, whenever the controller switches into a mode g G Q, it 
must stay in that mode for at least some time > 0 before 
transitioning to a different mode g. 


function as follows: 


g if 


switch(g,x) := 


Axg5'\G 
A Vg{x) < -eg 


g otherwise 


( 3 ) 


The switching function above changes mode from g to 
a new mode g whenever the derivative of the CLF Vq is 
above a threshold — ^. The new mode it switches to satisfies 
Vq < —eg. Such a mode is always guaranteed to exist for 
X G S \ G. Otherwise, the current mode is retained. The 
main result shows that using the switching function above, 
whenever the controller switches to mode g, there is a fixed 
lower bound (6m,q > 0) on the time before the controller 
switches to another mode g. 

Theorem 1: For each q ^ Q, there exists a minimum dwell 
time 6m,q > 0 such that for any time T > 0 with trg(T) = 
g, if (a)’ trx(T) e S\G, (b) Vq{trx{T)) < -eg and (c) 
^ S \ G for all t G [T, T 6m g]? then (Vt G [T, T -|- 
5^,,)) %{Xrx{t)) < 

As a corollary, the control mode does not change in 

time [T,T F 6m,qY switch(trg(t),trx(^)) = 

t G [T, T + 6m,q]- 

A closed form expression bound for 6m,q is obtained in 
the proof of Theorem as 6m,q = wherein ei is a 

positive constant s.t. ei > min^e^XG This is computed by 
minimizing the polynomial second Lie derivative of V w.r.t the 
dynamics over the mode g in the set S \G. It can be solved 
conservatively for instance through SOS programming m 
Theorem 2: Given compact sets S, G, I C int{S), a plant 
and a CLF V (x) w.r.t (/, G, S) with associated region W, 
and a controller function switch that conforms to Equation 
the closed loop ^ satisfies the following properties. 

1) System satisfies RWS w.r.t {W,G,S). 

2) All the traces of the closed loop system starting from W 
are time divergent before reaching G. 


Discrete Controller: Given 6m, a time-triggered discrete 
controller computes the switch (g,x) function every 6m time 
units. At the start of each cycle (time T), the controller 
calculates fg(x) and computes a mode it can safely switch to. 
Often many possible next modes may exist, and the controller 
can use other performance criteria to choose the next mode. 
Once chosen, this mode remains fixed until the beginning of 
next cycle ([T + r]). Theorem guarantees that value of CLF 
decreases during each cycle and therefore, we make progress 
towards our goal G. 


IV. Synthesizing CLFs 


Non-Zeno Switching Strategy: As usual, the goal of the 
controller is to ensure that the CLF V(x) decreases along 
any trace. Suppose the current control mode is given by g G 
Q. Choosing a fixed constant A > 1, we define a switching 


The described solution in previous section reduces Prob¬ 
lem to finding a CLF. In this section, we focus on the 
problem of searching a CLF. First, we introduce a general 
CEGIS framework for solving 3V formula for real arithmetics. 



The general problem we wish to solve has the following 
form: 




(3c e C) 


{'ix e i?i) Vfe-F’i,fc(x,c) < 0 
(Vx G i? 2 )Vfe-p 2 ,A:(x,c) < 0 


(4) 


^(Vx G Rm)\JkPrn,k{^,c) < 0 


where Rj is a fixed compact region and Fj^k are functions 
polynomial in x and linear in c. Also Gj^k are functions linear 
in c. The CEGIS algorithm was first introduced to tackle 3V 
constraints such as 0 by Solar-Lezama et al. 0 El. The 
basic idea is to maintain two sets: 

1) A finite set of witnesses: Xi : C X, 

namely, the A-space. 

2) A subset Ci C C, namely, the C-space. 

The C-space represents the set of candidates which are to 
be examined by our procedure while the A-space represents 
test points over which a candidate is tested. The iteration 
involves the following steps: 

Step 1) Choose an arbitrary G Ci to get candidate solution 
for Eq. 0. 

Step 2) Check if Eq. 0 holds for c^. 

(a) If Eq. 0 holds, procedure terminates immedi¬ 
ately. 

(b) Otherwise, a point x^ is obtained at which Eq. 0 
fails. Xi is added to the set of test points (A^+i : 
Ai U {xi}). 

Step 3) C-Space is refined by removing all candidates which 
fail at Xi by not satisfying 0 
The procedure terminates successfully if a solution is found. 
Alternatively, if Cj = 0 then it terminates without finding a 
solution. Einally, the procedure may run forever. 

Representing the C-space: Each set Ci is represented 

using a linear arithmetic formula V^i[c] such that Ci : 
{c I 'ipi[c] holds}. The initial formula Cq is simply 'ipo : 
V,A.G,fe(c) < 0. Step |T1 is implemented using a SMT 
solver to check if ^i is satimable and obtain a candidate Ci 
as a solution to 2 pi IH. Likewise, step is implemented by 
augmenting 2 pi to yield a formula 


^pi+l : -ipi A Aj i’id (5) 

where 'ipij is True if x^ ^ Rj and \//c c) < 0 

otherwise. 


Finding Witnesses: On the other hand, finding witnesses 
requires us to check the satisfiability of a non-linear constraints 
obtained by negating 0 : 


X G i?i A Afc-F’i.fc(x,Ci) > 0 
X G A Afe-F’m,A:(x,Ci) > 0 


( 6 ) 


If yes, a witness x^ is obtained at which the current candidate 
Ci fails to satisfy Eq. Otherwise, we conclude problem is 
solved. However, solving this constraint requires a nonlinear 


arithmetic solver that is capable of finding witnesses. Relax¬ 
ations such as SOS programming can be used to check whether 
the formula 0 is unsatisfiable 0, but failing this, they do 
not provide useful witnesses to generate future candidates. 
Therefore, we resort to a promising approach for checking 0 
implemented in the tool dReal 0. dReal checks if the formula 
is unsatisfiable, and if it reports UNSAT, we conclude that 
the constraints 0 are indeed unsat. Otherwise, it reports 
that a (5-perturbation is satisfiable, and provides us a witness. 
Therefore, using dReal, we run the risk of obtaining additional 
possibly spurious witnesses, and not recognizing if a solution 
has already been found. However, the resulting procedure will 
not yield a wrong solution. 


A. Searching for CLF 

Given a plant and regions S, G and /, We fix a template 
polynomial form U(x, a) parameterized by variables in a G A 
as the desired CEE. The space A is a compact set chosen as a 
hyper-rectangle limiting each G [Li^Ui]. Eormally, we wish 
to find c = (a, eQ,/3) G C : x M x M that satisfies the 

conditions in Def. |7l 


{3ceC){ 


(eg > 0 A /\^ Ok > Lk A Ok < Uk) 

(Vx e dS\G) V (x, a) > /3A 
(VxG/\G) U(x,a) <f3A 

NxgS\G)( V lA(x,a) < -eg ^ 
\ qeQ J 


(7) 


Since the form U(x, a) is linear over the parameters in a, 
the above Equation is a typical case that can be solved by the 
CEGIS framework described above. 


B. Adopting CEGIS to Real Arithmetics 

We now briefly discuss the termination of the CEGIS 
procedure. We noted that termination is possible if a solution 
of the desired form in 0 exists, or alternatively, the C- 
space is exhausted. However, neither situation may result and 
the algorithm may run forever. In this section, we provide a 
simple strengthening of Eq. 0 that guarantees termination. 
We strengthen 0 as follows (when x^ G Rj): 

ipij : VkFj^k{xi,c) < -eTj ( 8 ) 

wherein > 0 are positive constants. The two constraints are 
identical when = 0. Let be a candidate examined at the 
iteration of the CEGIS procedure modified to use Eq. 0- 
Suppose there exists a counter example x^ corresponding to 
Ci. We compute a new refined G-space G^+i. It is easily 
shown the Ci ^ G^+i. Eurthermore, by using 0, we obtain 
the following result that any candidate in a r^-ball around Ci 
is also eliminated. 

Theorem 3: If the CEGIS procedure were modified using 
Eq. 0 with a given ctj > 0, then there exists a constant 
7^ > 0 such that at each iteration i, Br^{ci) fi G^+i = 0. 

As a result, starting from a initial set Go, given Go is a 
compact set, we note that employing the stronger rule 0 
guarantees that at each step, an ry-ball around the current 
solution is also removed. Thus, either a CLE is found or the 





C-space is empty in finitely many iterations. If we exhaust the 
C-space for a given values of it is possible to repeat the 
search by halving to alleviate against the loss of possible 
solutions due to the strengthening of Eq. (0 by (l8](. 

Faster Termination 

A first cut application of the CEGIS approach, presented 
thus far, resulted in a prohibitively large number of witnesses, 
failing on most of our benchmarks. This happens because the 
witnesses and candidate functions returned by the SMT solvers 
are similar (close in term of Euclidean distance). We discuss 
a heuristic to select witnesses at each step of the CEGIS 
procedure, that led to the successful implementation of the 
overall procedure. 

Given a current candidate c^, we may split the search 
for a witness into m parts: find a witness that violates the 
V/c Ci) < 0 (for each 1 < j < m). We will search for 

a counterexample that produces the “most-egregious” violation 
of the constraints possible. Therefore, we wish to maximize 
min/c Ci). However, solvers such as dReal currently 

lack the ability to optimize. Therefore, we simply fix a constant 
7 > 0 and search for satisfying /\^ Fj^/e(x, ) - 7 > 0. 
A larger 7 leads to a more “egregious” violation and a larger 
set of candidates ruled out in the C-space and it is less likely 
to find a candidate that is similar to the previously selected 
candidate. The parameter 7 itself is iteratively reduced to find 
a witness or conclude that no witness exists when 7 = 0. 

Also, the method can considerably get improved by seeding 
with an initial set of points Xq. 

C. Complexity and Incompleteness 

There are many sources of incompleteness: (a) The polyno¬ 
mial template on the CEE with a maximum degree; (b) The use 
of CTj in Eq.[^ and finally (c) the use of a (^-satisfiability solver 
for nonlinear constraints. However, it is possible to reduce this 
incompleteness by making 5 smaller. 

In terms of complexity, solving linear arithmetic constraints 
and quantifier free nonlinear constraints are well-known to be 
NP-hard. In addition, while it is guaranteed that there will 
be a finite number of iterations in the CEGIS procedure, 
this number can be really large. Though we provided some 
heuristics to decrease the number of iterations, the worst case 
can be in the order of 0{dX), where m is the number of 
unknown coefficients in the template and (i is a function of 
Li, Ui and p in Theorem 

V. Evaluation and Discussion 

Our approach was implemented as a Python script that 
wraps around the Z3 m and dReal 11 solvers. The inputs 
to our procedure include a description of the plant model, 
the set S (taken to be a box), the sets G, / are provided 
as balls of radius cfg and a/, respectively. In addition, we 
assume eg is given as input. Our approach requires parameters 
cti = cts corresponding to the first two inequalities in Eq. Q, 
and CTg for third one. The choice of these parameters is 
currently manual, but we are investigating automatic selection 
heuristics as part of our ongoing work. Einally, we assume a 


quadratic CEE template for all benchmarks, with the template 
coefficients belonging to a compact set A : ]\i[Li^Ui], that 
can be specified by the user. 

Benchmarks We collected 20 benchmark instances that 
are used in our evaluation. These benchmarks are taken from 
many sources and adapted to produce problem instances for 
our evaluation |[20l [22l [30^401 . We manually formulated a 
RWS specification where one was not available. Einally, our 
approach does not yet consider disturbances — benchmarks 
with disturbances were modified by setting to nominal values. 
A detailed description of each benchmark can be found in the 
appendix. The results are summarized in Table [T| 

On the positive side, our approach finds a CLF for 18 out 
of the 20 benchmark instances. Our technique was successful 
on some benchmarks with up to 6 state variables. However, our 
approach timed out on 2 of the larger instances: the nonlinear 
solver dReal was responsible for the timeout in each case. 

Preliminary Comparison We also considered a preliminary 
comparison with three implementations: the PESSOA tool by 
Mazo et al. |[20l, the CoSyMa tool by Camara et al. ||2TJ 
l35l and the prototype corresponding to the recent work by 
Nilsson et al. Ea. The implementations for the other related 
approaches could not be obtained. 

Unfortunately, just 8 out of the 20 benchmarks could be 
successfully compared. Reasons included the lack of support 
for some required features, implementation issues and the 
lack of proper documentation. Therefore, the comparisons are 
restricted to the 8 cases that either (a) ran successfully on 
our machines, or (b) instances whose results/running time 
were reported in the corresponding references. Table |T| shows 
a comparison between our method and these methods using 
examples chosen from referenced papers. We found that our 
technique is faster on almost all benchmarks compared, even 
while allowing for the differences in the implementation 
platforms. We attribute this to many reasons: (A) Our approach 
is currently specialized to RWS, whereas other approaches 
consider generic LTL properties. Nevertheless, all comparisons 
involved solving RWS problems, (b) Building a finite abstrac¬ 
tion is very expensive even for systems with 2 or 3 dimensions, 
and this takes a majority of the time in these benchmarks. Our 
approach does not construct abstractions explicitly. Einally, 
Eig compares the regions W (an ellipsoid) obtained for 
system with ID 18 against the winning region for the RWS 
property using the CEGAR-based approach 12^ . 

Simulation: The dynamics of the inverted pendulum on 
a cart example (ID 7) are given as ^ = cc, oj = 

^sin{0) — + ^co5(6>)i 4, where g, h, I and m are 

constants. We used Taylor expansion to approximate the 
trigonometric function, and the input u is discretized to be in 
set {—30,30}. Considering region S = [—1.5,1.5] x [—4,4], 
a I = 0.5, ac = 0.2, eg = 0.05 and parameters e^i = 0.1, 
CTg = 0.05 and 6 = 10“^, we find the CEE V{[0 uj]^) = 
0.65625^^ + 0.69043x^ + 2.2539x^. The underapproximate 
minimal dwell time r = 0.00025. Eigurej^ shows a simulation 
with initial state [O^uj] = [1 — 2]. 


TABLE I 

Results of running our implementation on the benchmark suite 


Legend: n: # state variables, |Q|: # modes, , (5: dReal precision, itr : # iterations, time: total computation time, Z3 T: time taken by Z3, dReal T: time taken 
by dReal, OM: Out of Memory, /: Proper Radial CLF Found, H: Failed. All timings are in seconds. 


Problem 

Parameters 

Results 

Other tools 

ID 

n 

IQI 

eg 

^Ti 


(5 

itr 

z3 T 

dReal T 

Tot. Time 

Status 

Tool 1 Tool Time Rem. 

I 

2 

2 

O.OI 

O.I 

0.01 

o 

1 

O' 

15 

0.4 

4.6 

5.3 

/ 

-NA- 

2 

2 

2 

0.0001 

O.I 

O.I 

10-^ 

15 

0.5 

5.6 

6.6 

/ 

- NA - 

3 

2 

2 

0.001 

O.I 

O.I 

o 

1 

OI 

7 

0.0 

2.3 

2.5 

/ 

-NA- 

4 

2 

5 

0.0001 

O.I 

0.0001 

1 

O 

1—1 

1 

0.0 

0.8 

0.8 

/ 

-NA- 

5 

2 

2 

0.01 

O.I 

0.01 

10-^ 

3 

0.0 

3.4 

3.6 

/ 

PESSOA 

42.8 

(Rl) 

6 

2 

3 

0.05 

O.I 

0.05 

o 

1 

Oi 

13 

0.1 

49.2 

50.0 

/ 

PESSOA 

6881.1 

(Rl) 

7 

2 

2 

0.001 

O.I 

0.001 

10-4 

6 

0.1 

1.6 

2.0 

/ 

- NA - 

8 

2 

2 

O.I 

O.I 

O.I 

10-' 

6 

0.1 

3.6 

4.0 

/ 

CoSyMA 

3.2 

(r2) 

9 

3 

4 

0.001 

O.I 

0.001 

o 

1 

1 

0.0 

2.8 

2.8 

/ 

CoSyMA 

1.8 

(Rl) 

10 

3 

4 

0.05 

0.2 

0.05 

10-4 

8 

4.4 

80.8 

86.2 

/ 

- NA - 

II 

3 

3 

0.0001 

O.I 

0.01 

lO-'" 

15 

25.3 

59.6 

86.3 

/ 

- NA - 

12 

3 

5 

0.0001 

O.I 

O.I 

O 

1 

O' 

8 

8.0 

41.4 

50.4 

/ 

-NA- 

13 

3 

2 

0.001 

0.5 

0.5 

10-^ 

17 

61.7 

116.1 

179.8 

/ 

- NA - 

14 

3 

2 

1.0 

O.I 

lO.O 

o 

1 

Oi 

36 

48.1 

57.3 

108.4 

/ 

|22l 

5319.5 

see Fig. |2 

15 

4 

5 

0.001 

O.I 

0.001 

O 

1 

1 

0.0 

27.8 

27.8 

/ 

CoSyMA 

OM (494.0) 

(r3) 

16 

4 

2 

0.0001 

O.I 

0.01 

10-^ 

4 

- >lhr- 

n 

- NA - 

17 

4 

2 

0.001 

O.I 

O.I 

1 

o 

1 — 1 

4 

- >lhr- 

n 

-NA- 

18 

5 

6 

0.001 

O.I 

0.001 

o 

1 

1 

0.0 

649.7 

650.0 

/ 

CoSyMA 

OM (571.0) 

(r3) 

19 

6 

4 

0.001 

O.I 

0.001 

10-4 

2 

0.5 

2994.0 

2995.6 

/ 

CoSyMA 

OM 


20 

9 

4 

0.001 

O.I 

0.001 

o 

1 

1 

- >lhr- 

n 

CoSyMA 

OM 



(r1): Parameters as reported in the related works ( 3 |[ 21 - (R2): Parameters: N = 2, t = 0.1, rj = 0.008. Controllability Ratio 47.2% (21 (R3): Couldn’t 
reproduced (OM). Timings as reported in (35). 



Fig. 2. Region W (red) is for our method and the winning region after 350 
iterations (blue) for the approach of Nilsson et al. (23. 

VI. Conclusion 

We have demonstrated a CEGIS procedure for synthesizing 
CLFs for switched systems to ensure RWS and satisfy a 
minimal dwell time requirement. We have demonstrated some 
preliminary evidence of the applicability of our approach to 
many examples. Moving forward, we are exploring the use of 
relaxations such as sum-of-squares (SOS) programming and 
Bernstein polynomials, while ascribing witnesses when the 
formula turns out to be satisfiable. 

References 

[1] A. Solar-Lezama, “Program synthesis by sketching,” 
Ph.D. dissertation, 2008. 

[2] A. Solar-Lezama, L. Tancau, R. Bodik, S. Seshia, and 
V. Saraswat, “Combinatorial sketching for finite pro¬ 
grams,” in ACM Sigplan Notices, vol. 41, no. 11. ACM, 
2006, pp. 404-415. 



time 


Fig. 3. Simulation of execution trace of the Inverted Pendulum example 

[3] R. Alur, R. Bodik, G. Juniwal, M. M. Martin, 
M. Raghothaman, S. A. Seshia, R. Singh, A. Solar- 
Lezama, E. Torlak, and A. Udupa, “Syntax-guided syn¬ 
thesis,” in FMCAD’13. IEEE, 2013, pp. 1-17. 

[4] L. de Moura and N. Bjprner, “Z3: An efficient SMT 
solver,” in TACAS, ser. LNCS, vol. 4963. Springer, 2008, 
pp. 337-340. 

[5] S. Gao, S. Kong, and E. M. Clarke, “dReal: An SMT 
solver for nonlinear theories over the reals,” in CADE, 
2013, pp. 208-214. 

[6] P. A. Parillo, “Semidefinite programming relaxation for 
semialgebraic problems,” Mathematical Programming 
Ser. B, vol. 96, no. 2, pp. 293-320, 2003. 

















































































[7] A. Papachristodoulou and S. Prajna, “On the construction 
of lyapunov functions using the sum of squares decom¬ 
position,” in Proc. CDC, vol. 3. IEEE, 2002, pp. 3482- 
3487. 

[8] B. Tibken, “Estimation of the domain of attraction for 
polynomial systems via LMIs,” in IEEE CDC, vol. 4. 
IEEE Press, 2000, pp. 3860-3864 vol.4. 

[9] Z. Artstein, “Stabilization with relaxed controls,” Non¬ 
linear Analysis: Theory, Methods & Applications, vol. 7, 
no. 11, pp. 1163-1173, 1983. 

[10] D. Henrion, J. Lofberg, M. Kocvara, and M. Stingl, 
“Solving polynomial static output feedback problems 
with PENBMI,” in Proc. CDC-ECC. IEEE, 2005, pp. 
7581-7586. 

[11] L. El Ghaoui and V. Balakrishnan, “Synthesis of fixed- 
structure controllers via numerical optimization,” in Proc. 
CDC, vol. 3. IEEE, 1994, pp. 2678-2683. 

[12] S. Gaubert, E. Goubault, A. Taly, and S. Zennou, “Static 
analysis by policy iteration on relational domains,” in 
PEAS. Springer, 2007, pp. 237-252. 

[13] W. Tan and A. Packard, “Searching for control lyapunov 
functions using sums of squares programming,” in Aller- 
ton Conference, 2004, pp. 210-219. 

[14] L. Rifford, “Existence of lipschitz and semiconcave 
control-lyapunov functions,” SIAM Journal on Control 
and Optimization, vol. 39, no. 4, pp. 1043-1064, 2000. 

[15] D. Liberzon, Switching in systems and control. Springer, 
2003. 

[16] H. Lin and P. J. Antsaklis, “Stability and stabilizability 
of switched linear systems: a survey of recent results,” 
Trans. Aut. Control, vol. 54, no. 2, pp. 308-322, 2009. 

[17] H. Lin and P. Antsaklis, “Hybrid dynamical systems: An 
introduction to control and verification,” Eound. Trends 
Syst. Control, vol. 1, no. 1, pp. 1-172, 2014. 

[18] A. Taly and A. Tiwari, “Switching logic synthesis for 
reachability,” in Proc. EMSOET. ACM, 2010, pp. 19- 
28. 

[19] R. Dimitrova and R. Majumdar, “Deductive control syn¬ 
thesis for alternating-time logics,” in Proc. EMSOET. 
ACM, 2014, pp. 14:1-14:10. 

[20] J. Mazo, Manuel, A. Davitian, and P. Tabuada, “PES- 
SOA: a tool for embedded controller synthesis,” in CAV, 
ser. LNCS. Springer, 2010, vol. 6174, pp. 566-569. 

[21] J. Camara, A. Girard, and G. Gossler, “Synthesis of 
switching controllers using approximately bisimilar mul¬ 
tiscale abstractions,” in Proc. HSCC. ACM, 2011, pp. 
191-200. 

[22] P. Nilsson and N. Ozay, “Incremental synthesis of switch¬ 
ing protocols via abstraction refinement,” in Proc. CDC. 
IEEE, 2014. 

[23] H. Lin and P. J. Antsaklis, “Switching stabilizability 
for continuous-time uncertain switched linear systems,” 
Trans. Aut. Control, vol. 52, no. 4, pp. 633-646, 2007. 

[24] J. C. Geromel and P. Colaneri, “Stability and stabiliza¬ 
tion of continuous-time switched linear systems,” SIAM 
Journal on Control and Optimization, vol. 45, no. 5, pp. 


1915-1930, 2006. 

[25] E. Asarin, O. Boumez, T. Dang, O. Maler, and A. Pnueli, 
“Effective synthesis of switching controllers for linear 
systems,” Proc. IEEE, vol. 88, no. 7, pp. 1011-1025, 
2000. 

[26] G. Erehse, S. K. Jha, and B. H. Krogh, “A 
counterexample-guided approach to parameter synthesis 
for linear hybrid automata,” in Proc. HSCC. Springer, 
2008, pp. 187-200. 

[27] B. Yordanov and C. Bella, “Parameter synthesis for 
piecewise affine systems from temporal logic specifica¬ 
tions,” in Proc. HSCC. Springer, 2008, pp. 542-555. 

[28] U. Topcu, A. Packard, P. Seiler, and T. Wheeler, “Stabil¬ 
ity region analysis using simulations and sum-of-squares 
programming,” in Proc. ACC. IEEE Press, 2007, pp. 
6009-6014. 

[29] J. Kapinski, J. V. Deshmukh, S. Sankaranarayanan, and 
N. Arechiga, “Simulation-guided lyapunov analysis for 
hybrid dynamical systems,” in Proc. HSCC. ACM, 2014, 
pp. 133-142. 

[30] D. Liberzon and A. S. Morse, “Basic problems in sta¬ 
bility and design of switched systems,” Control Systems, 
IEEE, vol. 19, no. 5, pp. 59-70, 1999. 

[31] W. Perruquetti, J. Richard, and P. Borne, “Lyapunov anal¬ 
ysis of sliding motions: Application to bounded control,” 
Mathematical Problems in Engineering, vol. 3, no. 1, pp. 
1-25, 1996. 

[32] S. Saat, M. Krug, and S. K. Nguang, “A nonlinear 
static output controller design for polynomial systems: 
An iterative sums of squares approach,” in Proc. ICOM. 
IEEE, 2011, pp. 1-6. 

[33] L. Greco, “Stability and stabilization issues in switched 
systems,” Ph.D. dissertation, 2005. 

[34] UCLA CyPhy Lab., “PESSOA: Toolbox for the synthesis 
of correct-by-design embedded control software.” 

[35] S. Mouelhi, A. Girard, and G. Gossler, “Cosyma: a tool 
for controller synthesis using multi-scale abstractions,” 
in Proc. HSCC. ACM, 2013, pp. 83-88. 

[36] E. A. Gol, X. Ding, M. Lazar, and C. Bella, “Einite 
bisimulations for switched linear systems,” in Proc. CDC. 
IEEE, 2012, pp. 7632-7637. 

[37] ETH Zurich - Automatic Control Laboratory, “Lyapunov 
based control,” Sep 2014. [Online]. Available: tinyurl. 
com/q9xng3y 

[38] S. Pettersson and B. Lennartson, “Stabilization of hybrid 
systems using a min-projection strategy,” in Proc. ACC. 
IEEE, 2001, pp. 223-228. 

[39] W. Zhang, A. Abate, J. Hu, and M. P. Vitus, “Exponential 
stabilization of discrete-time switched linear systems,” 
Automatica, vol. 45, no. 11, pp. 2526-2536, 2009. 

[40] L. Eaubourg and J.-B. Pomet, “Design of control lya¬ 
punov functions for homogeneous jurdjevic-quinn sys¬ 
tems,” 1999. 


Appendix A 
Proofs 

Proof of Theoremj^ For each q & Q, there exists a minimum 
dwell time 5m,q > 0 such that for any time T > 0 with 
tr,(T) = q, if’(a) trx(T) gS\G, (b) VgiUx{T)) < -eg 
and (c) trx{t) £ S \ G for all t E [T,T + Sm q], then (Vf G 
[T,T + Sm,q))Vqitrx{t))<-^-^. 

A constructive proof is provided here. Assume at time T 
s.t. 

Vq{trx{T)) < -eg (9) 

and lot T S (6 > 0) be the minimum time where 
Vq{UxiT + 5))>-"-f 
if 

(Vt e[T,T AS]) trg(f) = qAtrx{t)eS\G 
Let : X ^ M be 


Since S\G is a. bounded set and Vq is a polynomial, there 
exist ei > 0 s.t. 

(VxGtS\G) y,(x) <ei (10) 

Also 

nT+5 

Vq{Ux{T + 5)) = Vq{Xrx{T)) + j Vq{Ux{t))dt 

^‘‘"^A^^<Vq{trxiT)) + e,S 
Then, we can conclude 

The above arguments suggest that if Vq{Ux{T)) < —eg 
for a mode q, then without switching there exists 6m,q > 0 
in above argument) s.t. 

(Vt G [T,T + 5m,q]) n(trx(f)) < -^) 

Proof of Theorem]^ Given compact sets S,G, I C int{S), a 
plant and a CLF V (x) w.r.t (/, G, S) with associated region 
W, and a controller function switch that conforms to Equation 
the closed loop satisfies the following properties. 

1) System satisfies RWS w.r.t (fL, G, S'). 

2) All the traces of the closed loop system starting from W 
are time divergent before reaching G. 

First, we show that / \ G C int{W) and fL \ G C int{S). 
Remember W : {x|l/(x) < ^5} flS'. By definition W\G C S 
and (Vx G dS) V{'k) > /3. Therefore, W C int{S). Also, 
(Vx G / \ G) l^(x) < P and consequently I \ G C int{W). 

According to Theorem whenever there is a switch to a 
mode q, then the output of the controller remains q for at least 
6m,q time unit unless trace reaches G or leaves S. 


Now we show that (tr^ G W) =4> (tr^ G W) U (tr^ G 
G). 

Assume that trx(O) G {W\G). trx can not leave S before 
reaching dW or G. Let T > 0 be the first time that trx(T) 
reaches dW before reaching G. Then try(T) = (3. Since 
try(O) < P and (VO <t<T) try(t) < 0, T has to be zero. 
At start {t = 0), since trx(O) G {W \ G), then the controller 
choose a mode q such that try(O) < 0 and therefore, the trace 
leaves the boundary of W and the trace goes to the interior 
of fL (int{W)). 

If (Vt > 0) trx{t) G IL \ G, by the construction of the 
controller, we can conclude time diverges. Also since try (t) < 
— ^ for all times, try decreases to infinity. However, the value 
of V is bounded on bounded set W \G. Therefore, trx can 
not remain in IL \ G and can not reach the boundary of W. 
The only possible outcome for the trace is to reach G. System 
satisfies RWS w.r.t (W,G,W) and therefore it satisfies RWS 
w.r.t {W,G,S). 

Proof of Theorem If the CEGIS procedure were modified 
using Eq. ^ with a given ctj > 0, then there exists a constant 
7^ > 0 such that at each iteration i, Brj{ci) fi G^+i = 0. 

Given a counter example x^ G Rj for c^, the following is 
true 


Ak Fj^k{xi,Ci) >0 (11) 

and the added restriction on C-Space for next iteration is 

Vk < -CTj ( 12 ) 

Let be polynomial Fj^k without monomials which do not 
have variables in c. Since F'- j^ is a polynomial in x and linear 
in c, and Rj is a compact set, there exists Mj ,/e > 0 s.t. 
(Vc G Go) (Vx G Rj) Fj j^{-K,c) > —Mj^k and as a result, 
there exists a 77 > 0 s.t. 

(Vc e Br,{0)) (Vx e Rj){yk) Fj fe(x,c) > -CTj (13) 
Also, 


(Vc G Bqia)) (Vfc) 


Fj^k{^ii c) — Fj^k{^ii Cz) + Fj f^ipCi, Crq) 


where G Br^{0). Therefore, by Equations 11 and 13 


(Vc G Brj{ci)) Ak Fj,/c(xi,c) > -eTj 


and by comparing this to Equation [T^ it is easy to see that x^ 
is a counter example for c G S^(ci). and Br^{ci) D G^+i = 0 


Appendix B 
Benchmark 

The benchmark used in the experiments are examples 
adopted from literature. We consider each of these systems 
as a switched system with RWS as the specification. 

System 1: This system is adopted from (301. There are two 
continuous variables x and y and the dynamics are 

x = y 

y = —X + u 





, where u G {— 1 , 1 }. S = [—1 1 ]^, < 7 / = 0.5 and ac = 0 . 1 . variables 0 (angular position)and uj (angular velocity), and 

System 2: This system is adopted from ED. There are two input u is the applied force to the cart, 

continuous variables x and y and the dynamics are 


X = u 
V = 

, where u G {—4,4}. And region S = [—1 1]^, cr/ = 0.5 and 

(JG = 0.1. 

System 3: This system is adopted from ED. There are two 
continuous variables x and y and the dynamics are 

X = y — x^ 
y = u 


, where u G { — 1,1}. The region of interest is S' = [—1 1]^, 
(jj = 0.5 and ac = 0.05. 

System 4: This system is a switched system adopted from 
ED There are two continuous variables x and y and 5 modes 
(gi, ...,^ 5 ) the dynamics of each mode is described below 


Qi 


0.0403X + 0.568% 
0.6771X - 0.2556^ 


Q2 


X = 0.2617x — 0.2747^ 
y = 1.2134X-0.1331^ 


Q3 


X = 1.4725X - 1.2173^ 
y = 0.0557X - 0.0412^ 




-0.5217X +0.870% 
-1.4320X +0.8075^ 




X = -2.1707X - 1.0106^ 
y = -0.0592X + 0.6145^ 


The region S is [—1 1 ]^, a/ = 0.5 and (Jq = 0.05. 

System 5: This system is adopted from 1201 is a DC motor 
system. There are two continuous variables uj and i, and input 
u is the source voltage. 


UJ = 


i = 


B k 

k R 1 


, where B = 10“^, J = 25 x 10-^ k = 0.05, R = 0.5, 
L = 15 X 10“^ and u G { — 1,1}. The desired point is [uj i] = 
[20 0 ] and by change of basis along with scaling, the following 
system is obtained 


0 = UJ 

UJ = ^sin(O) -H- -cos(0)u 

I mR ml 


, where g = 9.8, = 2, / = 2, m = 0.5 and u G {—30, 30}. 
The region is S' = {[0 uj]^\0 G [—1.5 1.5],i G [—4 4]} , 
< 7 / = 0.5 and cfg = 0.2. 

System 7: This system is a DCDC boost converter adopted 
from ED with two discrete mode (gi, g 2 ), two continuous 
variables i and 1 ;. By a simple change of bases the state i = 
1.35 and v = 5.65 is set as desired point of activity (origin) 
and the following dynamics are obtained. 


qi 


i = 0.0167i + 0.3333 
V = —0.0142i; 


42 


i = -0.0183i - 0.0663^; + 0.3333 
V = 0.0711i - 0.0142^; 


Region of interest is S = {[i v]^\i G [—0.7 0.7], 1 ; G 
[—0.7 0.7]}, a I = 0.3 and (jg = 0.04. Notice region S 
is a little different from the one explained in ED. 

System 8: This system is adapted from (221 . There are two 
continuous variables xi and X 2 and the controller can choose 
between three different modes (gi, g 2 ). By setting xi = —0.75 
and X 2 = 1.75 as the origin, the new dynamics for these modes 
are 


41 

42 

43 


Xi 

= -X2 

— l.bxi - 

- 0.5a;f 

X2 

= xi- 

xl + 2 


X'l 

= -X2 

— 1.5xi - 

- 0.5a;f 

X2 

= xi- 

X2 


Xi 

= -X2 

— l.bxi - 

- 0.5:cf + 2 

X2 

= Xi + 

10 



B . , . k . 

UJ = — — {uj + 2) + —I 

I = -y (CC + 2) - y2 + 

Region of interest S' = {[cc iY\uj G [—1 1],^ G [—1 1]} , 
( 7 / = 0.4 and cfg = 0.05. 

System 6: This system is adopted from 1341 is a model 
of inverted pendulum on a cart. There are two continuous 


Region S'is defined as S' = {[xi X 2 ]^|xi G [—2.25 2.75],^ G 
[—3.25 3.25]} , ( 7 / = 1.0 and cfg = 0.25. Notice that this 
region is a little different from the one introduced in 1 ^ . 
Also, we scale the problem s.t. S = {[xi X 2 Y\xi G 
[-0.45 0.45],^ G [-0.65 0.65]}. 

System 9: The system is a heater for keeping several rooms 
warm l35l . There are 3 rooms ti, t 2 and ts and heater can 
be in one of these room or it can be off. Therefore, there are 
four modes (go, •••, 43) with the following dynamics. The goal 


is to keep ti around 21 (i G {1, 2, 3}). 


(gi,g's) the dynamics of each mode is described below 


r ti = 0.01(—10.5(ti + 21) + 5(t2 + 21) + bits + 21) + 5) 
go \ ^2 = 0.01(5(ti + 21) — 10.5(t2 + 21) + bits + 21) + 5) 

yts — 0.01(5(ti + 21) + 5(t2 + 21) — 10.5(t3 + 21) + 5) 

{ t\ = 0.01(-lL5(ti + 21) + 5(t2 + 21) + 5(t3 + 21) + 55) 
t2 = 0.01(5(ti + 21) - 10.5(t2 + 21) + 5(t3 + 21) + 5) 

ts — 0.01(5(ti + 21) + 5(t2 + 21) — 10.5(t3 + 21) + 5) 

f = 0.01(—10.5(ti + 21) + 5(t2 + 21) + 5(t3 + 21) + 5) 
g2 < t2 = 0.01(5(ti + 21) - lL5(t2 + 21) + 5(t3 + 21) + 55) 

[is = 0.01(5(ti + 21) + 5(t2 + 21) - 10.5(t3 + 21) + 5) 

( ii = 0.01(-10.5(ti + 21) + 5(t2 + 21) + 5(t3 + 21) + 5) 
g3 \ ^2 = 0.01(5(ti + 21) — 10.5(t2 + 21) + 5(t3 + 21) + 5) 

[ts — 0.01(5(ti + 21) + 5(t2 + 21) — 11.5(t3 + 21) + 55) 

Region S' = [—5 5]^, aj = 2.5 and ac = 1. 

System 10: This system with 3 continuous variables and 4 
modes is adopted from [? ]. The dynamics are 


Qi 


X = A.lbx — 1.06y — 6.7z + 1 
< y = 5.74x + 4.78^ — 4 . 682 ; — 4 
i = 26.38x — 6.38^ — 8.29^ + 1 


{ X = —3.2x — 7.6y — 2z 4 
y = 0.9x + 1.2^ — z — 2 
z = x-y6y-^bz — 1 


{ X = b.7bx - 16ASy - 2Alz - 2 
y = 9.51x - 9.49^ + 19.55^ + 1 
i = 16.19x + 4.64^ + 14.052; — 1 


{ X = -12.38X + 18.42^ + 0.54^ - 1 
y = —11.9x + 3.24^ — 16.322; + 2 
2 ; = —26.bx — 8.64^ — 16. 62 ; + 1 


Region of interest is P = [—1 1]^, a/ = 0.5 and cfg = 0.1. 

System 11: The system is a linear switched system, adapted 
from (381. There are three continuous variables x, 2 ; in this 
system and the dynamics for 3 modes (gi, g 2 and gs) are 


Qi 


X = 1.8631X - 0.0053^ + 0.9129^ 
y = 0.2681X - 6.4962^ + 0.0370z 
i = 2.2497X - 6.7180^ + 1.6428z 


(I 2 


X = -2.4311X - 5.1032^ + 0.4565z 
y = —0.0869x + 0.0869^ + 0.01852; 
i = 0.0369X - 5.9869^ + 0.8214^ 


^3 


X = 0.0372X - 0.0821^ - 2.7388z 
y = 0.1941X + 0.2904^ - O.lllOz 
i = -1.0360X + 3.0486^ - 4.9284z 


Region S = [—1 1]^, a/ = 0.3 and cfg = 0.01. 

System 12: This system is a switched system adopted from 
(331. There are three continuous variables x, y, z and 5 modes 


qi 


'x = 0.1764X + 0.8192^ - 0.3179z 
< y = -1.8379X - 0.2346^ - 0.7963z 
i = -1.5023X - 1.6316^ + 0.6908Z 


q2 


X = —0.0420X — 1.0286^ + 0.68922; 
< y = 0.3240X + 0.0994^ + 1.88332; 
i = 0.5065X - 0.1164^ + 0.3254^ 


<73 


X = —0.0952X — 1.7313^ + 0.38682; 
< y = 0.0312X + 0.4788^ + 0.0540^ 
i = -0.6138X - 0.4478^ - 0.4861z 




'x = 0.2445X + 0.1338^ + 1.1991z 
< y = 0.7183X - 1.0062^ - 2.5773^ 
i = 0.1535x + 1.3065^ — 2.08632; 


<75 


'x = -1.4132X - 1.4928^ - 0.3459^ 
< y = —0.5918x — 0.0867^ + 0.98632; 
i = 0.5189X - 0.0126^ + 0.6433z 


Region S = [—3 3]^, a/ = 1 and aG = 0.1. 

System 13: This system is adopted from (32l. There are 
three continuous variables x, y, z and the dynamics are 

X = —lOx + 10^ + u 
y = 23x — y — xz 
z = xy — 2.66672; 

, where u G {—100,100}. And region S = [—5 5]^, a/ = 1.2 
and aG = 0.3. 

System 14: This system is a radiant system in building 
adopted from f2^ which is a switched linear system with 
three continuous variables (Tc, Ti and T 2 ) and two modes 
(Qi, 42 )- By setting Tc = 24 and Ti = T 2 = 23 as the new 
origin, the dynamics obtained are 


{ tc = 2.25Ti + 2 . 25 T 2 - 9.26Tc - 14.54 
Ti = 2.85T2 - 7.13Ti + 4.04Te + 4.04 
T 2 = 2.85Ti - 7 .I 3 T 2 + 4.04Tc + 4.04 



tc = 2.25Ti + 2 . 25 T 2 - 4.5Te + 4.5 
Ti = 2.85T2 - 7.13Ti + 4.04Tc + 4.04 
T 2 = 2.85Ti - 7 .I 3 T 2 + 4.04Te + 4.04 


Region S = [—6 6 ]^, aj = 3 and aG = 1. 

System 15: The system is similar to System except that 
the number of dimensions is 4. See (35l. 

System 16: The original system is a switched control sys¬ 
tem with inputs from (39l . There are 4 variables (w, x ,y and 
z) and 4 original modes. After converting the discrete system 
into a continuous one, the dynamics are 












= —0.693i(; — 1.099a: + 2.197y + 3.296^ — 7.8201/ 

= -1.792X + 2.1971/ + 4.394Z - 8.735i/ 

= -1.097X + 1.5041/ + 2.197Z - 2.746i/ 

= 0.406^ + 3.2441/ 

= -1.7921/; - 1.099X + 2.197i/ + 1.099z + 6.696i/ 

= 0.406x — 2.197i/ + 4.734i/ 

= —0.693i/ + 2.773i/ 

= -2.1971/; - 1.099a; + 2.197i/ + 1.504z + 4.263i/ 

= 0.4061/;+ 0.8111/ 

= 1.0991/; - 0.144a; + 0.549i/ - 0.549z + 1.910i/ 

= 0.549a; - 0.144i/ - 0.549z + 3.871i/ 

= 1.099i/; — 0.6932; + 4.970i/ 

= —0.693i/; + 2.000a; + 1.863i/ 

= -0.693a;+ 4.1591/ 

= -0.6931/ + 2.7731/ 

= 4.000a; — 4.000^ — 0.6932; — 1.069i/ 

G { — 1,1} and Region of interest is S = [—1,1]^, 
<7/ = 0.1 and ac = 0.1. 

System 17: This system is a Tora system and the equations 
are adopted from 1401 . There are 4 variables in this system 
with the following dynamics 

w = X 

X = —w + 0.1 sm{y) 
y = z 
z = u 

, where u G [—10,10] and region S = [—1,1]^, u/ = 0.1 and 

UG = 0.02. 

System 18: The system is similar to System except that 
the number of dimensions is 5. See oa. 

System 19 : This system is 6 variables version of System]^ 
and there are 6 rooms and 2 heaters and only consider 4 modes 
considered. The heater is off for one mode (qo) and for mode 
(1 < ^ < 3), two heaters are on in rooms i and 3 + i. 
System 20: This system is 9 variables version of System 
and there are 9 rooms and 3 heaters and only consider 4 modes 
considered. The heater is off for one mode (qq) and for mode 
(1 < ^ < 3), three heaters are on in rooms i, 3 + / and 6 + i. 


qi 


q2 


qs 


^4 


, where u 



